It seems that WannaCry is sputtering out. Unfortunately, the experts predict that similar attacks could resume at any time, so it’s best to be prepared.

Here’s a great article from TechSoup, a great nonprofit that helps other nonprofits access donations and discounts from more than 60 donor partners, including Microsoft, Adobe, Cisco, Intuit, and Symantec. Their suggestions are almost always low- or no-cost solutions. Nonprofits should visit their site and sign up. Your nonprofit will save money on hardware and software.

What You Can Do About Ransomware

Late last week, there was a huge ransomware attack called WannaCry that affected over 200,000 Windows PCs in 150 countries and is still going. The attack has hit businesses, universities, and hospitals so far. Nonprofit, church, library, and foundation offices are vulnerable to this malware, which can lock up your IT system until a ransom is paid. We thought we’d explain a bit how you can protect your office.

What Is Ransomware?

Ransomware is malware that comes into an IT network mainly when computer users open an unknown email attachment or click on a web link. The malware then locks up and encrypts the files in the IT system and holds them for ransom until a payment is made, usually demanded in Bitcoin. Ransomware became famous as a tool of cybercrime in 2013 with the infamous Cryptolocker attacks. The malware technique has actually been around since 1989, however.

WannaCry Ransomware

The WannaCry malware is the latest ransomware attack in a succession of them. This virus is also known as WannaCrypt, Wana Decryptor, or WCry. This particular type of ransomware exploits a vulnerability in the Microsoft Server file system. Apple products and systems based on the Linux/Unix operating systems are not at risk, unless running Windows System Emulator. Infected users are presented with a screen demanding a $300 to $600 payment to restore their files.

While the attack has hit more than 200,000 computers, only around 200 people are estimated to have paid the $300 ransom. In the U.S., Homeland Security says that the list of victims is very small. It is still relatively early in the WannaCry attack, however. The victims range widely, from small companies and organizations to large IT networks like the automaker Renault in Europe. Small offices, like those in nonprofits, are at risk in this cyberattack.

How to Protect Your IT System

Taking these steps will help keep you safe from ransomware attacks.

1. Take Advantage of These Microsoft Resources

Microsoft Safety Scanner is a free downloadable security tool for all Windows versions that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

2. Back Up Your Critical Data and Documents

If and when your organization is hit with a cyberattack, it is essential to have your mission-critical data and documents stored in the cloud or on a hard drive that is not connected to your IT system. After an attack, your computers or servers may require reimaging.

3. Update All Your Windows Software and Enable Automatic Updates

Since WannaCry malware attacks Windows operating systems, a critically important thing to do is to run Windows Update on all Windows devices and also Windows Server software and enable automatic updates on all Windows devices. Microsoft’s Security Bulletin MS17-010 from March of this year provides details on all the Windows software versions that can be patched by running Windows Update. Since the attack, Microsoft has issued patches for previously unsupported versions including Windows XP, Windows 8, and Windows Server 2003. You can download these security patches manually from Microsoft’s Update Catalog. (Link might not work in all browsers.)

If your organization is running old versions of Windows like XP or Server 2003, or if you’re running nonlegal (pirated) versions of Microsoft Windows or Windows Server, you may well have trouble running Windows Update. Check your TechSoup eligibility to see if your organization qualifies for Microsoft software donations.

4. Use Antivirus Software and Keep It Up to Date

Antivirus and malware protection software has become TechSoup’s most requested type of product donation over the last couple of years. This type of protection is designed to catch cyberattacks before they infect your IT system.

5. Be Really Careful with Email

Email is one of the main infection methods of all malware and specifically of WannaCry ransomware. Be wary of unexpected emails especially if they contain links or attachments. If you find a suspicious link, before you click on it, you can go to the free virustotal.com service. It will tell you whether or not it has been reported as a dangerous link.

Also, be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.

6. Enable the File Extensions Option in Windows Settings

There are particular file types that pose the greatest security risk to all users. It is helpful to see what kinds of files you’re trying to open. File extensions like .exe, .vbs, and .scr are the dangerous ones. To be able to see file extensions, enable them in Windows Settings. I like the Laptop.com directions on how to do this in Windows 10.

7. If You Do Get Hit with Ransomware …

If you do get infected, shut down your PC and disconnect it from the Internet and your network. This of course limits the spread of the infection. Also, cybersecurity experts say that paying the ransom should be a last resort. Avoid doing that if you can. The alternative of rebuilding infected machines is not great either, but it does discourage cyberblackmailers from coming back.

The sad news in all of this is that new WannaCry ransomware variants are expected to appear going forward for some time. And new malware of other types will also come calling to attack our IT systems. This will be the case no matter how small our offices are. The good news is that the seven points we’ve listed above will give you greater protection for your IT system against future online threats. At TechSoup, we want y’all to stay safe out there.
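Step 6 above matters because, with extensions hidden, a file named like a document can really be a program. The following is an added example, not part of the TechSoup article, that flags such names in a list of attachment filenames. The function names and sample filenames are constructed for illustration, and the risky set holds only the three extensions the article lists.

```python
import ntpath

# The three extensions the article names; extend the set for your own policy.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}


def triage_attachment(filename):
    """Describe one attachment name: what a user sees versus what it really is."""
    # Windows drops trailing dots and spaces from file names, so ignore them here.
    name = ntpath.basename(filename).rstrip(" .")
    stem, ext = ntpath.splitext(name)
    ext = ext.lower()
    inner_ext = ntpath.splitext(stem)[1]
    risky = ext in RISKY_EXTENSIONS
    return {
        "name": name,
        # Assumption: the extension is a registered type, which Explorer hides
        # while "Hide extensions for known file types" is switched on.
        "shown_when_hidden": stem if ext else name,
        "real_extension": ext,
        "risky": risky,
        # A second extension inside the stem makes a program look like a document.
        "disguised": risky and inner_ext != "",
    }


def flag_attachments(filenames):
    """Return triage results for the risky names only, disguised ones first."""
    results = [triage_attachment(f) for f in filenames]
    risky = [r for r in results if r["risky"]]
    return sorted(risky, key=lambda r: not r["disguised"])


# Constructed sample names, not taken from any real incident.
SAMPLE = [
    "minutes.docx",
    "setup.exe",
    "Invoice_May.pdf.exe",
    "photo.JPG.scr",
    "donors.xlsx.vbs ",
    "newsletter.v2.pdf",
]

if __name__ == "__main__":
    for r in flag_attachments(SAMPLE):
        label = "DISGUISED" if r["disguised"] else "risky"
        print(f'{label:9} {r["name"]!r} displays as {r["shown_when_hidden"]!r}')
```

A name with an internal version dot, such as a hypothetical `tool.v2.exe`, is also reported as disguised, so treat that flag as a prompt to look closer rather than a verdict.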

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.

In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider that they are protected.

This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Don’t say that we didn’t warn you (see here, here and especially here). Here’s a tale about a synagogue in the NYC area, but it could happen to anyone.

In mid-November the rabbi’s secretary was going about her business on the shul computer. Whether she was duped into clicking on an infected popup advertisement or visited an infected website, the damage was done. What we do know is that this ransom note appeared on her screen:

Then the panic. The note was accurate: they were locked out of the shul’s only computer. What should the shul do?

They couldn’t get to their Quickbooks.

They couldn’t get to their member software.

They couldn’t get to the file with the Yahrzeits.

They couldn’t get to their record of Kol Nidre pledges.

Some computer-savvy members tried various tools, but no luck. The problem was eventually brought to the synagogue board and a hearty debate followed. Would they just be paying a ransom and get nothing in return (See the FBI guidance here)? Finally, the vote was to pay the ransom, 3 bitcoins (almost $2,400). Fortunately, the thieves were relatively honest. The synagogue’s files were decrypted and they could recover their data. Many other victims pay, but their computers remain locked.

Backup, backup, backup. There is no excuse. External thumb drives and hard drives are cheap. Buy one and take the time to configure the backup program so that it automatically, regularly keeps critical data safe. There are many free or low-cost cloud options. Backup to Google Drive, Dropbox or a cloud server provided by your anti-virus/backup program. The data in some shul membership management programs are automatically saved to the cloud which may even be monitored by full-time cybersecurity staff. Finally, more than one backup (e.g., one onsite, one offsite or in the cloud) is better than one … one is better than none.

Keep your anti-virus software up-to-date. The bad guys are smart and they’re getting smarter. Somehow, the bad guys got the rabbi’s secretary to click on the infected link. Our poor synagogue had anti-virus software, but it was a year out-of-date (duh, it turns itself off). Most of the better anti-virus programs are updated constantly and will probably stop a ransomware attack before your data is seized. Buy a license that will protect all of your computers (see bargain software rates for nonprofits at TechSoup).

Have strong passwords and record them. Whoever set up the synagogue’s computer did follow “best practice” and didn’t give the users “Administrator” access (pardon the techy-talk). The trouble was that no one knew that password so the consultant who assisted the synagogue had to get permission from the board to reset the password before she could revive the computer. Click to https://www.lockdownyourlogin.com/ for the latest guidance on passwords.

Beware of residual “bread crumbs”. Some ransomware leaves malware on a computer so that the bad guys can re-infect the computer. After all, you paid once, won’t you pay again? Once you have recovered the encrypted files, use multiple products to scan your computer: first your new, up-to-date anti-virus program, then some others (the trial or basic versions are available free online) such as Malwarebytes, CCleaner, SUPERAntispyware, to name a few. There is no perfect solution. Each may find something that the others missed.

Cybersecurity is a board responsibility. The incident was an expensive lesson. When no one on staff has computer skills, the board has a fiduciary responsibility to make sure that the staff know the basics of cyber-hygiene: the software is being updated, the backups are made, the anti-virus programs are working.

Finally, kudos to JCRC-NY’s outside computer maven from Dragonfly Technologies, who dropped everything to travel to the shul and spent many hours into the night to get them back in business and up-to-date.

Phishing attacks — usually giving you a plausible reason to “change” your password — have increased. Once they have your account information many criminal avenues open up. Here’s some background and good advice from Stratfor.

When managing your network, developing an app, or even organizing paper files, sound security is no accident. Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may transform over time, but the fundamentals of sound security remain constant. As the Federal Trade Commission outlined in Protecting Personal Information: A Guide for Business, you should know what personal information you have in your files and on your computers, and keep only what you need for your business. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents.

There’s another source of information about keeping sensitive data secure: the lessons learned from the more than 50 law enforcement actions the FTC has announced so far. These are settlements – no findings have been made by a court – and the specifics of the orders apply just to those companies, of course. But learning about alleged lapses that led to law enforcement can help your company improve its practices. And most of these alleged practices involve basic, fundamental security missteps. Distilling the facts of those cases down to their essence, here are ten lessons to learn that touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose.